From owner-cvs-all Tue Feb 5 14: 1: 8 2002 Delivered-To: cvs-all@freebsd.org Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id 698A837B421; Tue, 5 Feb 2002 14:00:53 -0800 (PST) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.11.6/8.11.6) with UUCP id g15M0qx34588; Tue, 5 Feb 2002 22:00:52 GMT (envelope-from mark@grondar.za) Received: from greenpeace.grondar.org (greenpeace [192.168.42.2]) by gratis.grondar.org (Postfix) with ESMTP id 5DF2C38D; Tue, 5 Feb 2002 21:58:34 +0000 (GMT) Received: from grondar.za (localhost [127.0.0.1]) by greenpeace.grondar.org (8.11.6/8.11.6) with ESMTP id g15LwUs21329; Tue, 5 Feb 2002 21:58:30 GMT (envelope-from mark@grondar.za) Message-Id: <200202052158.g15LwUs21329@greenpeace.grondar.org> To: "Andrey A. Chernov" Cc: des@freebgsd.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c References: <20020205205907.GA8005@nagual.pp.ru> In-Reply-To: <20020205205907.GA8005@nagual.pp.ru> ; from "Andrey A. Chernov" "Tue, 05 Feb 2002 23:59:08 +0300." Date: Tue, 05 Feb 2002 21:58:25 +0000 From: Mark Murray Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > On Tue, Feb 05, 2002 at 19:49:38 +0000, Mark Murray wrote: > > > On Tue, Feb 05, 2002 at 15:20:44 +0300, Andrey A. Chernov wrote: > > > > > > > > 1) You break applications which expect the same sequence from random() > > > > (when initializing srandom() to some fixed value) since insert random() > > > > calls in the middle of application ones. > > > > > > In case my description is unclear, here is example: > > > > > > App: > > > srandom(33); > > > random(); > > > random(); > > > call PAM library > > > PAM calls random(); > > > PAM calls random() > > > return; > > > > /* application starts, control is handed over to the user */ > > srandom(33); > > random(); /* sequence is OK. */ > > It is OK at this point, but broken _after_ PAM called. > Lets imagine srandom(33) produce this hypotetical sequence for random() > calls: > > 2,4,6,7,8,9,1,2 > > Without PAM application got _all_ the values. > With PAM, PAM got some values for itself: > > 2,4,5,7,8,9,1,2 > ^^^^^ > \------ this three goes to PAM and not to application. Why is your program doing user stuff before it has authenticated? _After_ PAM, the user is free to srandom() ans much as he likes. M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message